Lucene search

12 matches found

GithubExploit
added 2026/04/08 5:45 a.m. · 77 views

jwt-exploit-toolkit

JWT Exploit Toolkit...

AI score: 5.9
Exploits: 0

OSV
added 2025/10/09 1:15 p.m. · 0 views

UBUNTU-CVE-2025-39962

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract. Fix the following Smatch static checker warning: net/rxrpc/rxgk_app.c:65 rxgk_yfs_decode_ticket warn: untrusted unsigned subtract. 'ticket_len - 10 * 4' by prechecking the length of what we're tryi...

CVSS: 7.8 · AI score: 5.7 · EPSS: 0.00021
Exploits: 0 · References: 5

Cvelist
added 2025/10/09 12:13 p.m. · 4 views

CVE-2025-39962 rxrpc: Fix untrusted unsigned subtract

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract. Fix the following Smatch static checker warning: net/rxrpc/rxgk_app.c:65 rxgk_yfs_decode_ticket warn: untrusted unsigned subtract. 'ticket_len - 10 * 4' by prechecking the length of what we're tryi...

EPSS: 0.00021
Exploits: 0 · References: 2

OSV
added 2025/10/09 12:13 p.m. · 1 views

CVE-2025-39962 rxrpc: Fix untrusted unsigned subtract

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract. Fix the following Smatch static checker warning: net/rxrpc/rxgk_app.c:65 rxgk_yfs_decode_ticket warn: untrusted unsigned subtract. 'ticket_len - 10 * 4' by prechecking the length of what we're tryi...

CVSS: 7.8 · AI score: 6.5 · EPSS: 0.00021
Exploits: 0 · References: 5

RedhatCVE
added 2025/05/22 5:10 p.m. · 4 views

CVE-2020-35918

An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens with invalid base62 data can panic...

CVSS: 5.5 · AI score: 6.8 · EPSS: 0.00081
Exploits: 1

Packet Storm News
added 2025/05/19 12:0 a.m. · 3 views

BeamClean: Language Aware Embedding Reconstruction

In this work, we consider an inversion attack on the obfuscated input embeddings sent to a language model on a server, where the adversary has no access to the language model or the obfuscation mechanism and sees only the obfuscated embeddings along with the model's embedding table. We propose...

AI score: 7
Exploits: 0

OSV
added 2024/06/09 9:30 p.m. · 0 views

GHSA-5357-C2JX-V7QH Authlib has algorithm confusion with asymmetric public keys

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

CVSS: 7.4 · AI score: 7.2 · EPSS: 0.00145
Exploits: 1 · References: 8

Positive Technologies
added 2024/04/25 12:0 a.m. · 3 views

PT-2024-4196 · Pypi +2 · Python-Jose +2

Name of the Vulnerable Software and Affected Versions: python-jose versions 3.3.0 and earlier. Description: The issue is related to high resource consumption during the decoding of a crafted JSON Web Encryption (JWE) token, which can be exploited by a remote attacker to cause a denial of service. Th...

CVSS: 6.5 · AI score: 6.5 · EPSS: 0.00925
Exploits: 2 · References: 28

CNNVD
added 2024/04/25 12:0 a.m. · 1 views

python-jose security vulnerability

python-jose is a JOSE implementation in Python by the individual developer Michael Davis. python-jose 3.3.0 and earlier versions contain a security vulnerability that allows an attacker to cause a denial of service via a specially crafted high-compression rate JSON Web...

CVSS: 5.3 · AI score: 7.1 · EPSS: 0.00254
Exploits: 1 · References: 7

CNNVD
added 2023/02/14 12:0 a.m. · 1 views

GSS-NTLMSSP buffer error vulnerability

GSS-NTLMSSP is an open source mechglue plugin for the GSSAPI library that implements NTLM authentication. GSS-NTLMSSP versions before 1.2.0 have a buffer error vulnerability, which stems from the application allowing a token with a length greater than 4GB; an attacker can use the...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.00271
Exploits: 0 · References: 5

OSV
added 2020/12/31 9:15 a.m. · 9 views

CVE-2020-35918

An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens with invalid base62 data can panic...

CVSS: 5.5 · AI score: 7.1
Exploits: 0 · References: 3

CNNVD
added 2020/12/31 12:0 a.m. · 2 views

Rust branca crate security vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the branca crate before 0.10.0 for Rust, which stems from the fact that decoding tokens with invalid base62 data may cause a panic...

CVSS: 5.5 · AI score: 5.8 · EPSS: 0.00081
Exploits: 1 · References: 4